9235719

Apparatus, System, and Method for Providing Memory Access Control

Published: January 12, 2016
Assignee: not available in USPTO data we have
Patent Claims
27 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method comprising: providing, by a processor, a protected storage area in a non volatile memory for storing a backup image of software; detecting corruption in the software; accessing the backup image of the software from the protected storage area; and updating the corrupted software using the backup image, wherein the protected storage area is a vendor specific reserved log information storage area of the non volatile memory, the vendor specific reserved log information storage area nominally to store device monitoring information concerning the non volatile memory.

2. The method of claim 1, wherein accessing the backup image of the software from the protected storage area comprises: identifying whether the non volatile memory is paired with the processor; and in response to identifying that the non volatile memory is not paired with the processor, pairing with the non volatile memory by sending a command to the non volatile memory to write a key in a dedicated area of the non volatile memory, wherein successful pairing with the non volatile memory causes the non volatile memory to enter a paired and unprivileged state.

3. The method of claim 2 further comprising, in response to pairing, entering a paired and privileged state with the non volatile memory by authenticating the non volatile memory in the paired and unprivileged state.

4. The method of claim 2 further comprising de-provisioning the non volatile memory from the paired and unprivileged state of the non volatile memory to an unpaired state by sending a command to the non volatile memory which triggers a challenge-response protocol with another machine.

5. The method of claim 3 further comprising exiting from the paired and privileged state to the paired and unprivileged state of the non volatile memory by sending a command to the non volatile memory to close a secured session.

6. The method of claim 3 further comprising un-pairing the non volatile memory from the host by sending a command to the non volatile memory to delete the key, wherein the non volatile memory is in the paired and privileged state prior to the un-pairing.

7. The method of claim 3 further comprising re-provisioning the non volatile memory back in the paired and privileged state by sending a command to the non volatile memory to override the key stored in the non volatile memory.

8. The method of claim 3, wherein authenticating the paired non volatile memory comprises sending a command to the non volatile memory to trigger a challenge-response protocol with the non volatile memory and the processor for mutual authentication of the non volatile memory and the processor.

9. The method of claim 8, wherein the mutual authentication comprises: receiving a first encrypted random number from the non volatile memory, the first encrypted random number encrypted with the key; decrypting the first encrypted random number to generate a first decrypted message; and sending the first decrypted message to the non volatile memory; wherein the non volatile memory verifies the first decrypted message from the host for authenticating the host.

10. The method of claim 8, wherein the authenticating further comprises: sending a second encrypted random number to the non volatile memory, the second encrypted random number generated by encrypting a second random number with the key; receiving a second decrypted message from the non volatile memory, wherein the non volatile memory generates the second decrypted message by decrypting the second encrypted random number; and sending an acknowledgement to the non volatile memory if the second decrypted message matches the second random number.

11. The method of claim 1, wherein the backup image of the software comprises backup images of software of one or more components of a computer platform, and wherein the non-volatile memory is part of a solid state drive (SSD).

12. A machine readable storage medium, and not a signal in transmission, including computer executable instructions that when executed cause a processor to perform a method, the method comprising: pairing with a host, by provisioning secret and public keys from the host, to enter a paired and unprivileged state; authenticating the host, by a challenge-response protocol, to enter a paired and privileged state from the paired and unprivileged state; and allowing secure access, to the host, of a backup image of software stored in a vendor specific reserved log information storage area of a non-volatile memory, the allowing of secure access is in response to entering the paired and privileged state, the vendor specific reserved log information storage area nominally to store device monitoring information concerning the non volatile memory.

13. The machine readable storage medium of claim 12, and not a signal in transmission, wherein pairing with the host by provisioning the secret and public keys comprises: receiving the secret and public keys from the host; storing the secret and public keys; and sending an acknowledgement to the host in response to storing the secret and public keys.

14. The machine readable storage medium of claim 12, and not a signal in transmission, wherein authenticating the host comprises: sending a first encrypted random number to the host, the first encrypted random number generated by encrypting a first random number with the secret key; receiving a response from the host in response to sending the first encrypted random number, wherein the host generates the response by decrypting the first encrypted random number; and verifying the response for authenticating the host, the host being authenticated when verifying the response is successful.

15. The machine readable storage medium of claim 14, and not a signal in transmission, including further computer executable instructions that when executed cause the processor to perform a further method which comprises: receiving a second encrypted random number from the host, the second encrypted random number generated by encrypting a second random number with the secret key; decrypting the second encrypted random number to generate a decrypted message; sending the decrypted message to the host for the host to match the decrypted message with the second random number; and receiving an acknowledgement from the host after sending the decrypted message.

16. The machine readable storage medium of claim 12, and not a signal in transmission, including further computer executable instructions that when executed cause the processor to perform a further method which comprises: exiting the paired and privileged state in response to a command from the host.

17. The machine readable storage medium of claim 12, and not a signal in transmission, including further computer executable instructions that when executed cause the processor to perform a further method which comprises: de-provisioning the non-volatile memory by un-pairing the non-volatile memory and entering an unpaired state, wherein de-provisioning is performed by a challenge-response protocol with a server.

18. The machine readable storage medium of claim 12, and not a signal in transmission, including further computer executable instructions that when executed cause the processor to perform a further method which comprises: un-pairing the non-volatile memory by deleting the secret key previously provisioned from the host, wherein the non-volatile memory is in the paired and privileged state prior to the un-pairing.

19. The machine readable storage medium of claim 12, and not a signal in transmission, including further computer executable instructions that when executed cause the processor to perform a further method which comprises: re-provisioning the non-volatile memory by overriding the secret key in response to a command from the host, wherein the non-volatile memory is in the paired and privileged state prior to and after the re-provisioning.

20. The machine readable storage medium of claim 12, and not a signal in transmission, wherein the memory controller and the non-volatile memory are part of a solid state drive (SSD).

21. A system comprising: a host comprising a processor; a display coupled to the host; and a solid state drive (SSD), coupled to the host, the SSD comprising: a memory controller, coupled to a non-volatile memory, operable to: store a backup image of software in a vendor specific reserved log information storage area of the non-volatile memory, the device specific reserved log information storage area nominally to store device monitoring information concerning the non volatile memory; pair with the host, by provisioning secret and public keys from the host, to enter a paired and unprivileged state; authenticate the host, by a challenge-response protocol, to enter a paired and privileged state from the paired and unprivileged state; and allow secure access, to the host, of the backup image of the software in response to entering the paired and privileged state.

22. The system of claim 21, wherein the memory controller is operable to pair with the host by performing a method comprising: receiving the secret and public keys from the host; storing the secret and public keys; and sending an acknowledgement to the host in response to storing the secret and public keys.

23. The system of claim 21, wherein the memory controller is operable to authenticate the host by performing a method comprising: sending a first encrypted random number to the host, the first encrypted random number generated by encrypting a first random number with the secret key; receiving a response from the host in response to sending the first encrypted random number, wherein the host generates the response by decrypting the first encrypted random number; and verifying the response for authenticating the host, the host being authenticated when verifying the response is successful.

24. The system of claim 21, wherein the memory controller is operable to perform at least one of: exit the paired and privileged state in response to a command from the host; de-provision the non-volatile memory by un-pairing the non-volatile memory and entering an unpaired state, wherein de-provisioning is performed by a challenged-response protocol with a server; un-pair the non-volatile memory by deleting the secret key previously provisioned from the host, wherein the non-volatile memory is in the paired and privileged state prior to the un-pairing; re-provision the non-volatile memory by overriding the secret key in response to a command from the host, wherein the non-volatile memory is in the paired and privileged state prior to and after the re-provisioning.

25. The system of claim 21, wherein the display is a touch screen, and wherein software is a firmware.

26. An apparatus, comprising: a memory controller to communicate to a non-volatile memory, the memory controller to: store a backup image of software in a vendor specific reserved log information storage area of the non-volatile memory, the device specific reserved log information storage area nominally to store device monitoring information concerning the non volatile memory; pair with a host, by provisioning secret and public keys from the host, to enter a paired and unprivileged state; authenticate the host, by a challenge-response protocol, to enter a paired and privileged state from the paired and unprivileged state; and allow secure access, to the host, of the backup image of the software in response to entering the paired and privileged state.

27. The apparatus of claim 26 wherein the non volatile memory is a phase change memory.
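
The pairing and host-authentication flow recited in claims 2 to 7 and 12 to 19, modelled from the memory controller's side as an added Python example; it is not part of the patent or of any vendor's firmware. Assumptions: the class and method names are hypothetical, the claims name no cipher so `xcrypt` is a hash-based stand-in, and the 16-byte random number, per-challenge IV, single-use challenges and constant-time comparison are choices of this example.

```python
import hashlib, hmac, secrets
from enum import Enum

# State names follow the claims; class and method names are hypothetical.
State = Enum("State", "UNPAIRED PAIRED_UNPRIVILEGED PAIRED_PRIVILEGED")

def xcrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, the claims name none): XOR with
    SHA-256(key || iv). The same call encrypts and decrypts <= 32 bytes."""
    pad = hashlib.sha256(key + iv).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Device:
    """Memory-controller side: gates the backup image behind the state machine."""
    def __init__(self, backup: bytes):
        self.state, self.key, self.pending, self.backup = State.UNPAIRED, None, None, backup

    def pair(self, key: bytes) -> str:            # claims 2, 13: store key, acknowledge
        if self.state is not State.UNPAIRED:
            raise PermissionError("already paired")
        self.key, self.state = key, State.PAIRED_UNPRIVILEGED
        return "ACK"

    def challenge(self):                          # claim 14: encrypted random number
        if self.state is State.UNPAIRED:
            raise PermissionError("not paired")
        self.pending, iv = secrets.token_bytes(16), secrets.token_bytes(16)
        return iv, xcrypt(self.key, iv, self.pending)

    def respond(self, answer: bytes) -> bool:     # claim 14: verify host's decryption
        expected, self.pending = self.pending, None   # each challenge is single-use
        ok = expected is not None and hmac.compare_digest(answer, expected)
        if ok:
            self.state = State.PAIRED_PRIVILEGED
        return ok

    def _privileged(self):
        if self.state is not State.PAIRED_PRIVILEGED:
            raise PermissionError("requires paired and privileged state")

    def read_backup(self) -> bytes:               # claim 12: access only when privileged
        self._privileged(); return self.backup

    def close_session(self):                      # claims 5, 16
        self._privileged(); self.state = State.PAIRED_UNPRIVILEGED

    def reprovision(self, new_key: bytes):        # claims 7, 19: stays privileged
        self._privileged(); self.key = new_key

    def unpair(self):                             # claims 6, 18: delete the key
        self._privileged(); self.key, self.state = None, State.UNPAIRED
```

The host's half of the exchange is a single `xcrypt(key, iv, ciphertext)` call whose result is passed to `respond`.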

Patent Metadata

Filing Date

Unknown

Publication Date

January 12, 2016

Inventors

Michael Neve De Mevergnies
Knut S. Grimsrud
Sergiu D. Ghetie
Prasun Ratn
Shahrokh Shahidzadeh
